Data is starting to trickle in and shape our understanding of the nascent mobile ad market. According to data from Flurry Analytics, 25- to 34-year-old females are the most valuable demographic for advertisers and publishers (as measured by the underlying click-through and conversion rates).

Last week, The Daily reported that Kanye West’s charity spent more than a half-million dollars in 2010—but none of that money went to actual charitable causes.

After analyzing federal tax filings, the iPad newspaper found that in 2010, the Kanye West Foundation had expenditures totaling $572,383, but the majority of that went to employee salaries and other overhead expenses.

The charity didn’t even donate a single cent to an actual charity that year. And now, West’s foundation is in the process of being dissolved.

Since it’s easy to get bogged down in the numbers, Statista took The Daily’s findings and compiled information from the foundation’s tax filings to create the below infographic explaining where Kanye West’s money went and what happened to his so-called charity foundation. Complete with West’s stunner shades, obviously.

So the Attorney General and the six companies win for looking aware and concerned about online privacy, and the privacy zealots get to rest a little easier before going off on their next crusade. (Probably against Google.)

Plus, app makers now all have to hire lawyers to write up these privacy policies and interns to put the policies online and build links to them in their apps. Which increases employment!

Trolls. They fill the internet with insults, dead-end arguments, and inanity the likes of which we’ve never seen. Or maybe we have. The Guardian’s David Mitchell notes that trolling comments aren’t all that different from graffiti, and should likewise carry no more weight.

More specifically, Mitchell is talking less about trolls as you and I know them and more about anonymous, often inaccurate online reviews. It’s not a bulletproof analogy by any means, but Mitchell’s idea does reframe the way you look at anonymous content in a compelling way:

When you read a bit of graffiti that says something like “Blair is a liar”, you don’t take it as fact. You may, independently, have concluded that it is fact. But you don’t think that the graffiti has provided that information. It is merely evidence that someone, when in possession of a spray can, wished to assert their belief in the millionaire former premier’s mendacity. It is unsubstantiated, anonymous opinion. We understand that instinctively. We need to start routinely applying those instincts to the web.

If you read a review, an opinion, a description or a fact and you don’t know who wrote it then it’s no more reliable than if it were sprayed on a railway bridge. We should always assume the worst so that all those who wish to convince… have an incentive to identify themselves.

The flip side of the coin, of course, is that anonymity is vital to the spread of information on the internet. The important tool to remember, as always, is your skepticism. Without it, you’re letting yourself get all worked up over graffiti. (And we’re not talking Banksy here—or even Hanksy.)

There was quite a stir sparked last week when it was revealed that Google was exploiting a loophole in Apple’s Safari browser to track users through web ads, and that has now prompted a response from Microsoft’s Internet Explorer team, who unsurprisingly turned their attention to their own browser. In an official blog post today, they revealed that Google is indeed bypassing privacy settings in IE as well, although that’s only part of the story (more on that later). As Microsoft explains at some length, Google took advantage of what it describes as a “nuance” in the P3P specification, which effectively allowed it to bypass a user’s privacy settings and track them using cookies — a different method than that used in the case of Safari, but one that ultimately has the same goal. Microsoft says it’s contacted Google about the matter, but it’s offering a solution of its own in the meantime. It’ll require you to first upgrade to Internet Explorer 9 if you haven’t already, then install a Tracking Protection List that will completely block any such attempts by Google — details on it can be found at the source link below.

As ZDNet’s Mary Jo Foley notes, however, Google isn’t the only company that was discovered to be taking advantage of the P3P loophole. Researchers from Carnegie Mellon University’s CyLab say they alerted Microsoft to the vulnerability in 2010, and just two days ago the director of the lab, Lorrie Faith Cranor, wrote about the issue again on the TAP blog (sponsored by Microsoft, incidentally), detailing how Facebook and others also skirt IE’s ability to block cookies. Indeed, Facebook readily admits on its site that it does not have a P3P policy, explaining that the standard is “out of date and does not reflect technologies that are currently in use on the web,” and that “most websites” also don’t currently have P3P policies. On that matter, Microsoft said in a statement to Foley that the “IE team is looking into the reports about Facebook,” but that it has “no additional information to share at this time.”

Update: Google’s Senior Vice President of Communications and Policy, Rachel Whetstone has now issued a statement in response to Microsoft’s blog post. It can be found in full after the break.

The internet is starting to realize something unsettling: our iPhones send information about the people we know to private servers, often without our permission. Some offending apps are fixing themselves. Some aren’t. But the underlying problem is much bigger.

Apple allows any app to access your address book at any time—it’s built into the iPhone’s core software. The idea is to make using these apps more seamless and magical, in that you won’t have dialog boxes popping up in your face all the time, the way Apple zealously guards your location permissions at an OS level—because fewer clicks mean a more graceful experience, right? Maybe, but the consequence is privacy shivved and consent nullified. Your phone makes decisions about what’s okay to share with a company, whose motivation is, ultimately, making money, without consulting you first.

Once you peel back that pretty skin of your phone and observe the software at work—we used a proxy application called Charles—watching the data that jumps between your phone and a remote server is plain. A little too plain. What can we see?

As Paul Haddad, the developer behind the popular Twitter client TapBot pointed out to me, some of App Store’s shiniest celebrities are among those that beam away your contact list in order to make hooking up with other friends who use the app smoother. From Haddad’s own findings:

Foursquare and Instagram have both recently updated to provide a much clearer warning of what you’re about to share. Which every single app should follow, providing clear warnings before they touch your contacts. But plenty of apps aren’t so generous. “A lot of other popular social networking apps send some data,” says Haddad, “mostly names, emails, phone numbers.” Instapaper, for example, transmits your address book’s email listings when you ask it to “search contacts” to connect with other friends using the app. The app never makes it clear that my data (shown up top) is leaving the phone—and once it’s out of your hands and in Instagram’s, all you can do is trust that it’ll be handled responsibly. You know, like not be stored permanently without your knowledge.

Trust is all we’ve got, and that’s not good. “Once the data is out of your device there’s no way to tell what happens to it,” explains Haddad. Companies might do the decent thing and delete your data immediately. Like Foursquare, which says it doesn’t store your data at all after matching your friends, and never has. Twitter keeps your address book data for 18 months “to make it easy for you and your contacts to discover each other on Twitter after you’ve signed up,” but can delete the data at any time with a link at the bottom of this page. Or a company might do the Path thing, storing that information indefinitely until they’re publicly shamed into doing otherwise. Or worse.

We need a solution, and goodwill on the part of app devs isn’t going to cut it. All the ARE YOU SURE YOU WANT TO DO THIS? dialog boxes in the world won’t absolve Apple’s decision to hand out our address books on a pearly platter. iOS is the biggest threat to iOS—and nothing short of a major revision to the way Apple allows apps to run through your contacts should be acceptable. But is that even enough? Maybe not.

Jay Freeman, developer behind the massively popular jailbroken-iPhone program Cydia, doesn’t think Apple’s hand is enough to definitively state who gets your address book, and when:

“Neither Apple nor the application developer is in a good position to decide that ahead of time, and due to this neither Apple’s model of ‘any app can access the address book, no app can access your recent calls’, nor Google’s method of ‘developer claims they need X, take it or leave it’ is sufficient.”

Freeman’s solution? Cydia’s “one-off modifications to the underlying operating system” that we deal in, nicely transfers this control back to the user.” In other words, we can’t trust Apple or the people that make apps—so let’s just trust ourselves to control how iOS works.

Freeman left us with one final, disquieting note. Shrewd devs and others with the knowhow have been able to dig through app traffic to find out if they’re shoveling around your address book. But there’s no easy way to do this—and if a dev really wants to sneak your data through the door, there’s technically nothing we can do to stop him: “There are tons of complex tricks that can be used to smuggle both information in network traffic and computation itself.” It’s a problem fundamental to computer science—once the data’s in a dev’s hands, he can conjure it away, too small to be noticed by App Store oversight in the churning sea of other apps.

Unless Apple keeps him from getting that information in the first place by letting us all make informed decisions with our phone and the private life poured into it. Your move, iOS.

Most stocks–especially growth stocks–generally trend up over the long haul, so saying SELL often means betting against the odds and/or making a short-term timing call.

Stocks with excellent fundamentals don’t often go down just because they’re “expensive”–instead, they just get more expensive. So saying “SELL” based solely on valuation often sets the analyst up to be wrong.

The lack of SELL ratings makes SELL ratings sound like a complete condemnation of the company, to the point where it seems the analyst has a vendetta against it. The more polite way to tell people to sell, most folks on Wall Street whisper, is to say “hold”–or just ignore the stock altogether.

The issuance of a SELL rating often drives a stock down, hurting investors who own it. These investors will not usually say “thank you.” Instead, they’ll want your head.

Most investors are long-only, meaning they can only buy stocks, not short them. Thus, “SELL” ratings are only useful to hedge funds and investors who already own stocks.

Most companies refuse to talk to analysts who hit them with SELL ratings, thus reducing the analyst’s ability to gather information about the company.

If Kenneth G. Lieberthal were anything but a China expert at the Brookings Institution, his travelling-in-China security procedures would read like the product of a paranoid mind that watched too many spy movies as a kid:

He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

Talk about overkill, right? Well he’s not alone. The Times reports that these seemingly paranoid precautions are par for the course for just about anyone with valuable information including government officials, researchers, and even normal businessmen who do business in China.

But what about the rest of us? I may not have any valuable state secrets or research that needs protecting but that doesn’t mean I want the Chinese government snooping on my internetting when I visit my grandparents (especially when the consequences can be so severe). In the past, I’ve relied on a combination of VPNs, TOR, and password-protecting everything I can, but now it sounds like even that isn’t enough. Or maybe it’s totally overkill given my general unimportance in the grand scheme of things. Dear readers, I ask you, how much security is enough when it comes to the average person on vacation? [NY Times]

The security PIN system that Google Wallet users have to enter to verify transactions has been compromised. Thankfully, the chances of your wallet being used against you are relatively low—assuming you haven’t rooted your phone, that is.

Since Wallet saves your PIN in an encrypted file on the phone itself, rather than the secured NFC chip, if your phone falls into the wrong hands, that person could lift your PIN file from the phone and simply crack it using brute force. From there, he’d have access to—and use of—your Wallet account.

Security firm Zvelo discovered and reported the issue to Google, but because of Wallet’s security architecture, the change will require a fundamental rejiggering of the security protocols. Man, talk about an oversight. According to Zvelo,

The lynch-pin, however, was that within the PIN information section was a long integer “salt” and a SHA256 hex encoded string “hash”. Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes…This completely negates all of the security of this mobile phone payment system.

So, if you are rooted, be sure to take some additional security steps to protect yourself like activating the lock screen, disabling the USB debugging option in settings, and enabling full-disk encryption. Or maybe not losing your phone in the first place. [Zvelo via Android Central via The Verge]

Digital Consigliere

Dr. Augustine Fou is Digital Consigliere to marketing executives, advising them on digital strategy and Unified Marketing(tm). Dr. Fou has over 17 years of in-the-trenches, hands-on experience, which enables him to provide objective, in-depth assessments of their current marketing programs and recommendations for improving business impact and ROI using digital insights.